Microsoft has finally implemented the feature “Idle session timeout for Microsoft 365”, and it is awesome! This is not in preview anymore, but back in the day, the only way to configure this was with Conditional Access (CA), which meant an Azure AD Premium 1 license with the “Idle session timeout” feature, things have changed and in my testing environment, and it worked even with Azure AD free licenses.
What is the purpose of “Idle session timeout”?
Personally, I would use it to add another layer of security for end-users working on non-company or shared devices etc.
Important note: The idle session timeout does not affect Microsoft 365 or mobile apps.
What should I do to turn this on?
Firstly, you need to be a Global Administrator.
Then log in to Microsoft 365 admin center, go to Org Settings > Security & Privacy tab, and select Idle session timeout.
To enable the Idle Session Timeout, select the toggle button. You can choose a default setting time or set your own (custom).
Note: It may take a few minutes before idle sessions are enabled in your organization
What should users expect?
When a user has been inactive in Microsoft 365 web apps for a set amount of time, they will see the following prompt. The user will have the option to stay signed in or to sign out.
Furthermore, only certain Microsoft 365 web apps are supported (see below). Microsoft plans to add more soon.
- Outlook Web App
- OneDrive for Business
- SharePoint Online (SPO)
- Microsoft365.com and other start pages
- Microsoft 365 apps (Word, Excel, PowerPoint) on the web
- Microsoft 365 Admin Center
- M365 Defender Portal
- Microsoft Purview Compliance Portal
- Azure Portal
If you are interested to read more about this feature, please visit the Microsoft docs site – click here.